Posts Tagged "Cloud"

Managing a hybrid cloud environment demands a holistic approach. In the rapidly evolving landscape of modern computing, data centers are burdened with the challenge to meet the ever-growing demands of enterprises, while remaining agile, cost-effective, and secure. One solution that has helped data centers immensely is the adoption of a hybrid cloud model, which is a computing environment that combines both public cloud capabilities and a private cloud infrastructure. By combining the strengths of public and private cloud environments, a hybrid cloud architecture offers enterprises a transformative approach to data center management.

The foundation of a successful hybrid cloud implementation lies in establishing a robust infrastructure that seamlessly connects private and public cloud resources. Data centers need to manage data movement, synchronization, and replication between their on-premises infrastructure and public cloud providers. This requires robust data management and integration capabilities within the data center.

Enterprises must invest in modernizing their networking and storage infrastructure, employing software-defined networking (SDN) and software-defined storage (SDS) technologies to enable efficient data movement and workload mobility across environments.

Potential of a hybrid cloud for data centers

Hybrid cloud networking is crucial for establishing seamless connectivity between data centers and public cloud providers. Implementing high-speed, low-latency connections, such as virtual private networks (VPNs) or dedicated links, ensures reliable and secure data transfer. Data centers must focus on network optimization, traffic routing, and intelligent load balancing to maximize performance in hybrid environments.

Enterprises must implement a unified hybrid cloud management platform which is capable of providing visibility, control, and automation across diverse cloud resources. This central management framework streamlines operations, ensuring consistent policies, security controls, and compliance across both – private and public clouds.

Working with a hybrid cloud services provider

A hybrid cloud services provider acts as a strategic partner that empowers enterprises to seamlessly integrate public and private cloud resources. By partnering with a reliable provider, data centers gain access to a comprehensive suite of tools, technologies, and expertise required to architect and manage hybrid cloud environments effectively.

Enterprises benefit from cloud adjacency or the close proximity of their data centers to hybrid cloud service providers’ points of presence or regional hubs. This arrangement offers several benefits, such as reduced latency, improved data transfer speeds, lower network costs, and better interconnectivity.

The provider of a hybrid cloud architecture offers unparalleled flexibility and scalability, allowing enterprises to optimize resource allocation, by leveraging private infrastructure for sensitive workloads, and tapping into the vast compute power of public clouds for bursting or scaling requirements. This dynamic approach enhances operational efficiency and cost-effectiveness, accommodating evolving business needs.

Adopting advanced technologies to automate and streamline multiple data center processes helps increase efficiency and reduce costs. Data center architects need to design data center infrastructures that can seamlessly integrate with public cloud providers, enabling the efficient movement of workloads between on-premise data centers and the public cloud. By adopting a hybrid cloud model, data centers can easily track and monitor their networks, applications, and user behaviour.

Benefits of adopting a hybrid cloud

The emergence of the hybrid cloud has significant implications for data centers. Here’s an overview of what hybrid clouds have in store for data centers:

1. Flexibility and Scalability: A hybrid cloud enables enterprises to scale their computing resources up or down based on demand. It enables data centers to accommodate the dynamic nature of workloads that may span across both private and public cloud environments. During peak periods or when facing sudden spikes in workload, the public cloud can provide additional capacity, ensuring smooth operations without compromising performance.
2. Connectivity and Network Setup: Hybrid cloud deployments offer strong connectivity between a private data center and a public cloud provider. They ensure reliable and low-latency connectivity. Hybrid cloud connectivity extends beyond the boundaries of the data center, encompassing various cloud services and endpoints. To fully harness the benefits of hybrid cloud, data centers should prioritize interconnectivity between on-premises infrastructure, public clouds, and other external services.
3. Data Center Modernization: To support hybrid cloud environments, data centers may need to modernize their infrastructure, adopting technologies such as software-defined networking (SDN), virtualization, and automation through AI/ML. These upgrades allow for better integration and management of workloads across between colocation, private cloud, and public cloud environment. By harnessing real-time monitoring, data visualization, and predictive analytics, organizations can optimize data center performance, enhance reliability, and proactively address potential issues. The benefits of data center monitoring analytics extend to improved resource utilization, reduced downtime, enhanced security, and better decision-making.
4. Security and Compliance: Data centers play a critical role in ensuring the security and compliance of data and workloads in a hybrid cloud environment. A robust hybrid cloud management platform offers a unified view of resources, facilitates workload placement decisions, automates provisioning and scaling, enforces security policies, and enables seamless workload migration between clouds in a secure manner. Enterprises need to implement robust security measures, access controls, encryption, and monitoring systems to protect their data in the hybrid cloud. Here are some common security practices that data centers must embrace:
   • Limiting physical access to authorized personnel through key cards, biometric authorization or other access control mechanisms.
   • Implementing perimeter security such as fencing, gates, and security patrols.
   • Deploying firewalls to control and monitor incoming and outgoing network traffic.
   • Installing Intrusion Detection/Prevention Systems to detect and prevent suspicious activities and potential attacks.
   • Encrypting sensitive data both at rest and during transmission using strong encryption algorithms (e.g., AES, RSA) to protect against unauthorized access.
   • Implementing SSL/TLS protocols to secure data transmission over networks and web applications.
   • Conducting regular vulnerability assessments to identify potential weaknesses and vulnerabilities in the data center infrastructure and applications.
   • Establishing a well-defined incident response plan to handle security breaches and incidents effectively and minimize their impact.
5. Data Placement and Workload Optimization: Enterprises are able to make intelligent decisions about where to place their workloads and data based on factors like performance, cost, compliance requirements, and data sovereignty regulations. This involves optimizing workload distribution between the private and public components of the hybrid environment. Doing this prevents bottlenecks and minimizes downtime. By analyzing sensor data and historical trends, data center service providers can improve equipment uptime by up to 20% with advanced predictive analytics.
6. Data Backup for Disaster Recovery and Business Continuity: Implementing a robust data backup strategy helps ensure data integrity and availability in the event of data loss or corruption. Data centers must also develop comprehensive disaster recovery plans to recover critical systems and data in case of a disaster or major outage.
7. Multi-cloud Strategy: A multi-cloud strategy empowers data centers with greater flexibility, resilience, and cost optimization. By diversifying their cloud resources across multiple providers, data centers can take advantage of the strengths of different vendors, optimize performance, and maintain operational efficiency even in the face of disruptions or changes in the cloud landscape. Additionally, a multi-cloud approach enables data centers to adapt to evolving business needs while maintaining control over their infrastructure and data.

Unlock the benefits of the hybrid cloud for your enterprise with Sify

With the right hybrid cloud services provider, robust infrastructure, streamlined connectivity, and effective management platform, data centers can unlock the full potential of hybrid cloud and position themselves at the forefront of digital transformation. A hybrid cloud can not only future-proof data centers but also enable enterprises to thrive in an increasingly competitive and dynamic business landscape.

At Sify Technologies, we understand the importance of hybrid cloud for data centers and how it revolutionizes the way enterprises utilize and leverage cloud services. We empower data centers to optimize resource utilization, improve operational efficiency, and enhance overall productivity and profitability.

We also help data centers to adapt to evolving business needs, optimize resource utilization, and deliver exceptional performance. We have invested in more than 200 MW of green power because we are committed to reducing our global carbon footprint by promoting the usage of sustainable energy. Our green data centers are designed to help enterprises reduce energy costs by up to 40%.

A pioneer in the industry, Sify Technologies has been consistently helping enterprises with bespoke hybrid cloud management and data center services for several years. Our customers work with us because we:

• Conceptualize, architect and implement the most efficient hybrid cloud
• Provide a consistent user experience across clouds
• Automate the discovery and tagging of critical resources across cloud environments
• Offer AI-driven workload optimization for enhanced app performance
• Ensure detailed tracking of billing data

Learn how your enterprise can benefit from the Sify Data Center experience.

With 90%+ of Fortune-500 organizations running SAP to manage their mission-critical business processes and considering the much-enhanced risk of cyber-security breach in today’s volatile and tech-savvy geo-socio-political world, security of your SAP systems deserves much more serious consideration than ever before.

The incidents like hacked websites, successful Denial-of-Service attacks, stolen user data like passwords, bank account number and other sensitive data are on the rise.

Taking a holistic view, this article captures possible ways, remediation to plug in all the possible gaps in various layers. (Right from Operating system level to network level to application level to Cloud and in between). The related SAP products/solutions and the best practices are also addressed in the context of security.

1. Protect your IT environment

Internet Transaction Server (ITS) Security

To make SAP system application available for safe access from a web browser, a middleware component called Internet Transaction Server (ITS) is used. The ITS architecture has many built-in security features.

Network Basics (SAP Router, Firewalls and Network Ports)

The basic security tools that SAP uses are Firewalls, Network Ports, SAP Router. SAP Web dispatcher and SAP Router are examples of application level gateways that can be used for filtering SAP network traffic.

Web-AS (Application Server) Security

SSL (Secure Socket Layer), is a standard security technology for establishing an encrypted link between a server and client. SSL authenticates the communication partners(server & client), by determining the variables of the encryption.

2. Operating System Security hardening for HANA

SAP pays high attention on the security topic. At least as important as the security of the HANA database is the security of the underlying Operating System. Many hacker attacks are targeted on the Operating System and not directly on the database. Once a hacker gained access and sufficient privileges, he can continue to attack the running database application.

Customized operating system security hardening for HANA include:

• Security hardening settings for HANA
• SUSE/RHEL firewall for HANA
• Minimal OS package selection (The fewer OS packages a HANA system has installed, the less possible security holes it might have)

For any server hardening, following procedure is used –

• Benchmark templates used for hardening
• Hardening parameters considered
• Steps followed for hardening
• Post-hardening test by DB/application team

The above procedures should help SAP customers in securing their servers (mostly on HP UNIX, SUSE Linux, RHEL or Wintel) from threats, known/unknown attacks and vulnerabilities. It also adds one more layer of security at the host level.

3. SAP Application (Transaction-level security)

SAP Security has always been a fine balancing act of protecting the SAP data and applications from unauthorized use and access and at the same time, allowing users to do the transactions they’re supposed to.  A lot of thinking needs to go in designing the SAP authorization matrix taking into account the principle of segregation of duties. (SoD)

The Business Transaction Analysis (Transaction code STAD) delivers workload statistics across business transactions (that is, a user’s transaction that starts when a transaction is called (/n…) and that ends with an update call or when the user leaves the transaction) and jobs. STAD data can be used to monitor, analyse, audit and maintain the security against unauthorized transaction access.

4.   SAP GRC

SAP GRC (Governance, Risk & Compliance) , a key offering from SAP has following sub-modules:

Access control

SAP GRC Access Control application enables reduction of access risk across the enterprise by helping prevent unauthorized access across SAP applications and achieving real-time visibility into access risk.

Process control –

SAP GRC Process Control is an application used to meet production business process and information technology (IT) control monitoring requirements, as well as to serve as an integrated, end-to-end internal control compliance management solution.

Risk Management

• Enterprise-wide risk management framework
• Key risk indicators, automate risk alerts from business applications

5. SAP Audit –

AIS (Audit Information System) –

AIS or Audit Information System is an in-built auditing tool in SAP that you can use to analyse security aspects of your SAP system in detail. AIS is designed for business audits and systems audits. It presents its information in the Audit Info Structure.

Besides this, there can be license audit by SAP and or by the auditing firm of your company (like Deloitte/PwC).

Basic Audit

Here the SAP auditors collaborate strongly with a given license compliance manager who is responsible for ensuring that the audit activities correspond with SAP’s procedure and directives. The number of basic audits undertaken is subject to SAP’s yearly planning, and it is worth noting that not all customers are audited annually.

The auditors perform below tasks (though they will vary a bit from organization to organization & from auditor to auditor):

• Analysis of the system landscape to make sure that all relevant systems (production and development) are measured.
• Technical verification of the USMM log files: correctness of the client, price list selection, user types, dialog users vs. technical users, background jobs, installed components, etc.
• Technical verification of the LAW: users’ combination and their count, etc.
• Analysis of engine measurement – verification of the SAP Notes
• Additional verification of expired users, multiple logons, late logons, workbench development activities, etc.
• Verification of Self Declaration Products, HANA measurement and Business Object.

SAP Enhanced Audit –

Enhanced audit is performed remotely and/or onsite and is addressed to selected customers. Besides the tasks undertaken in ‘Basic Audit’, it additionally covers –

• Checking interactions between SAP and non-SAP systems
• Data flow direction
• Details of how data is transferred between systems/users (EDI, iDoc, etc)

6. Security in SAP S/4 HANA and SAP BW/4 HANA

SAP S/4 HANA & SAP BW/4 HANA use the same security model as traditional ABAP applications. All the earlier explained components/security solutions are fully applicable in S/4 HANA as well as BW/4 HANA.

But these are increased security challenges posed by its component, SAP Fiori, which brings in mobility. But increased mobility means that data can be transferred over a 4G signal, which is not as secure and is easier to hack into. If a device falls into the wrong hands, due to theft or loss, that person could then gain unlawful access to your system. Its remediation is elaborated next.

7. Security in Fiori

While launching SAP Fiori app, the request is sent from the client to the ABAP front-end server by the SAP Fiori Launchpad via Web Dispatcher. ABAP front-end server authenticates the user when this request is sent. To authenticate the user, the ABAP front-end server uses the authentication and single sign-on (SSO) mechanisms provided by SAP NetWeaver.

Securing SAP Fiori system ensures that the information and processes support your business needs, are secured without any unauthorized access to critical information.

The biggest threat for an SAP app is the risk of an employee losing important data of customers. The good thing about mobile SAP is that most mobile devices are enabled with remote wipe capabilities. And many of the CRM- related functions that organizations are looking to use on mobile phones, are cloud-based, which means the confidential data does not reside on the device itself.

SAP Afaria, one of the most popular mobile SAP security providers, is used by many large organizations to enhance the security in Fiori. It helps to connect mobile devices such as smartphones and tablet computers. Afaria can automate electronic file distribution, file and directory management, notifications, and system registry management tasks. Critical security tasks include the regular backing up of data, installing patches and security updates, enforcing security policies and monitoring security violations or threats.

8. SAP Analytical Cloud (SAC)

SAP Analytics Cloud (or SAP Cloud for Analytics) is a software as a service (SaaS) business intelligence (BI) platform designed by SAP. Analytics Cloud is made specifically with the intent of providing all analytics capabilities to all users in one product.

Built natively on SAP HANA Cloud Platform (HCP), SAP Analytics Cloud allows data analysts and business decision makers to visualize, plan and make predictions all from one secure, cloud-based environment. With all the data sources and analytics functions in one product, Analytics Cloud users can work more efficiently. It is seamlessly integrated with Microsoft Office.

SAP Analytical Cloud use the same security model as traditional ABAP applications.

The concept of roles, users, teams, permissions and auditing activities are available to manage security.

9. Identity Management

SAP Identity Management is part of a comprehensive SAP security suite and covers the entire identity lifecycle and automation capabilities based on business processes.

It takes a holistic approach towards managing identities & permissions. It ensures that the right users have the right access to the right systems at the right the time. It thereby enables the efficient, secure and compliant execution of business processes.

10. IAG – (Identity Access Governance) for Cloud Security

SAP Identity Access Governance (IAG) is a multi-tenant solution built on top of  SAP Business Technology Platform (BTP) and SAP’s proprietary HANA database. It is SAP’s latest innovation for Access Governance for Cloud.

It provides out of the box integration with SAP’s latest cloud applications such as SAP Ariba, SAP Successfactors, SAP S/4HANA Cloud, SAP Analytics Cloud and other cloud solutions with many more SAP and non-SAP integrations on the roadmap.

11. SAP Data Custodian

To allay the fears of data security in SAP systems hosted on Public Cloud, SAP introduced its latest solution called ‘SAP Data Custodian’.  It is an innovative Governance, risk and compliance SaaS solution which can give your organization similar visibility and control of your data in the public cloud that was previously available only on-premise or in a private cloud.

• It allows you localize your data and to restrict access to your cloud resources and SAP applications based on user context including geo-location and citizenship
• Restricts access to your data, including access by employees of the cloud infrastructure provider 
• Puts encryption key management control in your hands and provides an additional layer of data protection by segregating your keys from your business data
• Uses tokenization to secure sensitive database fields by replacing sensitive data with format-preserving randomly generated strings of characters or symbols, known as tokens
• With data discovery you can scan for sensitive data categories such as SSN / SIN, national ID number, passport number, IBAN, credit card, email address, ethnicity, et cetera, based on pattern determination and machine learning

12. Futuristic approach towards securing ERP systems

Driven by the digital transformation of businesses and its demand for flexible computing resources, the cloud has become the prevalent deployment model for enterprise services and applications introducing complex stakeholder relations and extended attack surfaces.

Mobility (access from smart phones/tablets) & IOT (Internet of things) brought in new challenges of scale (“billions of devises”) and required to cope with their limited computational and storage capabilities asking for the design of specific light-weight security protocols. Sensor integration offered new opportunities for application scenarios, for instance, in distributed supply chains.

Increased capabilities of sensors and gateways now allow to move business logic to the edge, removing the backend bottleneck for performance.

SAP has been investing a lot in drawing, refining its roadmap for security for the future.

It used McKinsey’s 7S strategy concept to review SAP Security Research and adapt supporting factors. Secondly, it assessed technology trends provided by Gartner, Forrester, IDC and others to look into probable security challenges.

As per SAP’s research, today’s big challenges in cybersecurity emanate around ML (Machine Learning). The trend is ML anywhere! ML itself provides a new attack vector which needs to be secured. In addition, ML is used by attackers and so needs to be used by us to better defend our solutions.

Machine Learning that has the most significant impact on the security and privacy roadmap these days, both providing the power of data to design novel security mechanisms as well as requiring new security and privacy paradigms to counter Machine Learning specific threats.

Deceptive applications is another trend SAP foresees. Applications must be enabled to identify attackers and defend themselves.

Thirdly, still underestimated, SAP foresees the attacks via Open Source or Third-party software. SAP has been adapting its strategy accordingly to tackle those new trends.

Wishing all SAP Customers a Happy, Safe and Compliant SAP experience!